Important Worldwide Community Notice – Cyber War

Today I received what I consider to be an important message from Sam Volkering.

War. By definition it’s an act of aggression by a country against another.
You don’t need to look far today for examples. It’s pretty safe to assume Russia and the Ukraine are at war by that definition, even if they haven’t declared it ‘officially’. What started with Russian forces in Crimea spilled out into Ukraine. I imagine the civilians in the path of the conflict aren’t terribly comforted by the governments telling them it isn’t an ‘official’ war.
If you ask the average punter in the street, ‘What is war?’ they might say armies, guns, tanks, planes. It means ‘old school’ military might. Soldier versus soldier. I would call this the ‘common understanding’ of war.
But it’s the uncommon understanding of war that you should really be worried about.
War in the 21st century is different to what it was 100 years ago. Sure, there are still soldiers, planes and tanks. But the real warfare of the 21st century is cyberwar.

A slight exaggeration of the truth

Now I’ll be the first to admit, I bandy the term ‘cyberwar’ around a bit. To be honest, I probably do it too much. In fact, there might even have been times where you’ve read my work on ‘cyberwar’ and thought, ‘oh here we go again…’
So let’s make a clean start. Let’s start holding ourselves to a higher standard when it comes to the term ‘cyberwar’. After all, cyber war is an act of aggression.
And if you look at all the previous major state-backed cyber attacks, none of them really fit the definition of war.
Take for instance the Chinese attacks on the US DoD to steal plans for the JSF F-35 Lightning. This wasn’t an act of war, this was cyber theft. It was cyber espionage. It was at the very worst cyber sabotage. But it wasn’t really cyber war.
The North Korean cyber attacks on Sony Pictures. War? No, not really. Not by definition. It was more ‘cyber theft’ than anything else.
So I will put my hand up and say enough. I’ll call it as it is and not exaggerate to put the fear of cyber-god into you. But when cyber war really does happen, well you better be ready for it.
The fact is the first real example of cyber war started on Christmas Eve, 2015. This was real war. It involves the Russians and the Ukraine. And if that was the first example of real cyberwar, then you really do now have a lot to worry about.

‘Hey Borys, my mouse isn’t working’

Christmas Eve at the Prykarpattyaoblenergo power plant, Ivano-Frankovsk Oblast, Ukraine. It’s the middle of winter. Average temperatures this time of the year are about -4 degrees Celsius. It’s bloody cold. As such, the demand for electricity from the power plant is immense.
It’s really a critical time of the year. The time when you don’t want the power to go out.
The operators on staff that night are sitting at their control centres. This is the remote operation from which they can control all of the relays and switches, ensuring power to the region.
One of the operators notices something funny. Let’s call him Sergey. Sergey’s mouse isn’t working. You know that experience? When you’re at work, the mouse stops working, you slide it around frantically but nothing happens.
Chances are a flat battery (if it’s a Bluetooth one) or it’s unplugged from the USB somehow. Problem here is while Sergey’s mouse isn’t working, the cursor on his screen still is.
Sergey turns to Borys, another operator and says, ‘Hey, Borys, my mouse isn’t working. But the cursor still is.’
Borys notices his mouse isn’t working either. But his cursor is also still going. In fact every computer, every operator in the building no longer has a working mouse. This is a problem.
What they see next they have no control over whatsoever. The cursors on the screen, one by one, start switching off all the relays. Power shuts off systematically to the entire region. Then the cursor moves to the one they really didn’t want to see…the one that turns off the power to the power plant itself.
Instantly the whole power plant falls into freezing darkness.

The beginning of the next arms race

I’m currently at The Next Web Europe conference in Amsterdam. TNW is, ‘a 2-day technology festival that brings together international technology executives, top-tier investors and promising startups for two days of business, knowledge sharing and the best time you’ve ever had.’
No, the best thing about the Netherlands isn’t the drugs. In fact it’s their ability to put on a great tech conference like this. It really does showcase some of the best and brightest minds in the tech sector.
And on Thursday Mikko Hypponen, Chief Research Officer at F-Secure [HEL:FSC1V], was talking about cyber war. Hypponen was explaining that the Prykarpattyaoblenergo attack started with an email.
A simple email sent to an operator at the power plant. On the email was an Excel spreadsheet attachment. The receiver clicked on a link to enable macros in the spreadsheet. It then planted a Trojan in the computer system. This was how a shadow operator from Russia was able to take control and shut down the power plant.
At the same time as the attack, fake phone calls were inundating the power plant call centre. They jammed the phone system so real people couldn’t call in to notify of outages. All the fake calls came from Russia.
Hypponen explained to the crowd on Thursday this was the world’s first, ‘real’ example of ‘cyberwar’. It was a Russian attack, an act of aggression, on critical Ukrainian infrastructure. That is an act of war.
Hypponen finished up with a comment that you should take particular notice of. It’s something I’ve been saying for some time. But perhaps hearing it from one of the world’s leading cyber researchers will have more impact.
He said, ‘we are only seeing the beginning of the next arms race, the next online arms race.’
If this is only the beginning then what comes next could be utterly devastating.